Computer systems handle increasing amounts of important, sensitive, and valuable information that needs protection from tampering and theft. There are many software applications that must keep a secret on a platform. Some example applications are financial/banking applications and medical records applications. Each secret holder may be mutually distrustful of other secret holders and each secret may be protected independently of the other secrets.
To counter such tampering and theft, a trusted software execution environment (TXE) may be used. A TXE prevents untrusted software from having access to trusted software and data. Intel® Software Guard Extensions (Intel® SGX) are an example of a TXE and include a set of instructions and memory access changes added to Intel® Architecture. These extensions allow an application to instantiate a protected container, sometimes referred to as an enclave. An enclave is a protected area in the application's address space that provides confidentiality and integrity even in the presence of privileged malware. Attempted accesses to the enclave memory area from software not resident in the enclave are prevented even from privileged software such as virtual machine monitors, BIOS, or operating systems.
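The access rule described above, as a simplified model added here (it is not from the patent text and not Intel's implementation): page ownership is tracked per page, as the Enclave Page Cache Map does, and any access to an enclave page from code outside the owning enclave, whether from the application, the OS, a VMM or BIOS, gets abort-page semantics (reads return all ones, writes are dropped). The four-page address space, the enclave ids and the byte values are constructed for the example; the `current_enclave` field stands in for the CPU's enclave-mode state.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 4096u
#define NUM_PAGES 4u

/* One entry per page, modelled on the EPCM: which enclave owns the page.
 * owner_id 0 means ordinary (non-enclave) memory. */
typedef struct {
    int owner_id;
} epcm_entry_t;

typedef struct {
    uint8_t      mem[NUM_PAGES * PAGE_SIZE];  /* constructed flat address space */
    epcm_entry_t epcm[NUM_PAGES];             /* constructed ownership table */
    int          current_enclave;             /* 0 = untrusted mode (app, OS, VMM, BIOS) */
} sgx_model_t;

/* Constructed layout: page 2 belongs to enclave 1, page 3 to enclave 2.
 * The two enclaves are mutually distrustful, so neither may read the other's page. */
void model_init(sgx_model_t *m) {
    memset(m, 0, sizeof *m);
    m->epcm[2].owner_id = 1;
    m->epcm[3].owner_id = 2;
}

/* Core rule: an enclave page may only be touched while executing inside
 * that same enclave. Privilege level is irrelevant to this check. */
static bool access_allowed(const sgx_model_t *m, uint64_t addr) {
    if (addr >= sizeof m->mem) return false;          /* outside modelled memory */
    int owner = m->epcm[addr / PAGE_SIZE].owner_id;
    return owner == 0 || owner == m->current_enclave;
}

/* Load: returns the stored byte, or 0xFF (abort-page value) when refused. */
uint8_t model_read(const sgx_model_t *m, uint64_t addr) {
    return access_allowed(m, addr) ? m->mem[addr] : 0xFF;
}

/* Store: returns true only if the write actually landed in memory. */
bool model_write(sgx_model_t *m, uint64_t addr, uint8_t value) {
    if (!access_allowed(m, addr)) return false;
    m->mem[addr] = value;
    return true;
}

int main(void) {
    sgx_model_t m;
    model_init(&m);
    uint64_t secret = 2 * PAGE_SIZE + 16;   /* an address inside enclave 1's page */

    /* Untrusted mode (e.g. the OS) tries to plant and then read a value. */
    printf("OS write to enclave page landed: %s\n", model_write(&m, secret, 0x41) ? "yes" : "no");
    printf("OS read of enclave page:         0x%02X\n", model_read(&m, secret));

    /* Inside enclave 1 the same page is ordinary memory. */
    m.current_enclave = 1;
    model_write(&m, secret, 0x41);
    printf("Enclave 1 read of its own page:  0x%02X\n", model_read(&m, secret));

    /* Enclave 2 is just another outsider with respect to enclave 1's page. */
    m.current_enclave = 2;
    printf("Enclave 2 read of enclave 1 page: 0x%02X\n", model_read(&m, secret));
    return 0;
}
```

The model deliberately ignores privilege level entirely: the only input to the decision is whether execution is currently inside the page's owning enclave, which is the property the paragraph above attributes to SGX. Real hardware adds further per-page state (type, permissions, linear-address binding) that is omitted here.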